Set the CentOS host's DNS server to the IP address of the Windows domain controller;
Join the domain with the following script:
# Install the Kerberos, Samba and winbind packages
yum install pam_krb5* krb5-libs* krb5-workstation* krb5-devel* krb5-auth samba samba-winbind* samba-client* samba-swat* -y
# Start smb and winbind at boot
chkconfig smb on && chkconfig winbind on
# Back up the stock smb.conf and write a new one
mv /etc/samba/smb.conf /etc/samba/smb.conf.org
cat > /etc/samba/smb.conf << EOF
[global]
# workgroup is the NetBIOS (short) domain name, 15 characters at most
workgroup = LOCALDOMAIN
password server = dc.localdomain.local
realm = LOCALDOMAIN.LOCAL
security = ads
idmap config * : range = 16777216-33554431
template shell = /bin/bash
winbind use default domain = false
winbind offline logon = false
server string = Samba Server Version %v
log file = /var/log/samba/log.%m
max log size = 50
load printers = no
EOF
# Back up the stock krb5.conf and write a new one
mv /etc/krb5.conf /etc/krb5.conf.org
cat > /etc/krb5.conf << EOFI
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
# Kerberos realm names are case-sensitive; an AD realm is the upper-case domain name
default_realm = LOCALDOMAIN.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
# The stanza name must match default_realm exactly
LOCALDOMAIN.LOCAL = {
kdc = dc.localdomain.local
admin_server = dc.localdomain.local
}
[domain_realm]
localdomain.local = LOCALDOMAIN.LOCAL
.localdomain.local = LOCALDOMAIN.LOCAL
EOFI
# Enable winbind in NSS and PAM and create home directories at first login
authconfig --updateall --enablewinbind --enablewinbindauth --enablewinbindusedefaultdomain --enablemkhomedir --enableshadow
service smb restart && service winbind restart
# Join the domain; DOMAIN_ADMIN is a placeholder for an account permitted to join computers
net join -U DOMAIN_ADMIN
After the join succeeds, use the following command to test whether authentication works:
wbinfo -t
If it fails, review and correct the following two configuration files, then restart the winbind and samba services:
/etc/samba/smb.conf
/etc/krb5.conf
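Part of that review can be scripted: the check below is an added example, not part of the original post, and it flags a `default_realm` that is not upper case or has no matching `[realms]` stanza, a Samba `realm` that differs from it, and a `workgroup` longer than the 15-character NetBIOS limit. The function names `ini_get`, `upper` and `check_join_config` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): cross-check smb.conf and krb5.conf.

# Print the trimmed value of the first "key = value" line in an ini-style file.
ini_get() {  # $1 = file, $2 = key
    awk -F= -v k="$2" '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        { key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key) }
        tolower(key) == tolower(k) {
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val); print val; exit
        }' "$1"
}

upper() { printf '%s' "$1" | tr '[:lower:]' '[:upper:]'; }

# Print one line per problem; the exit status is the number of problems found.
check_join_config() {  # $1 = smb.conf, $2 = krb5.conf
    n=0
    smb_realm=$(ini_get "$1" realm)
    workgroup=$(ini_get "$1" workgroup)
    krb_realm=$(ini_get "$2" default_realm)
    # AD realm names are upper case and Kerberos compares realms case-sensitively.
    [ "$krb_realm" = "$(upper "$krb_realm")" ] ||
        { echo "krb5.conf: default_realm '$krb_realm' is not upper case"; n=$((n + 1)); }
    # default_realm must have its own "<realm> = {" stanza under [realms].
    awk -v r="$krb_realm" '{ l = $0; gsub(/[ \t]/, "", l) } l == (r "={") { f = 1 }
        END { exit !f }' "$2" ||
        { echo "krb5.conf: no [realms] stanza for '$krb_realm'"; n=$((n + 1)); }
    # Samba and Kerberos must name the same realm.
    [ "$(upper "$smb_realm")" = "$(upper "$krb_realm")" ] ||
        { echo "smb.conf: realm '$smb_realm' != default_realm '$krb_realm'"; n=$((n + 1)); }
    # workgroup is the NetBIOS domain name, limited to 15 characters.
    [ "${#workgroup}" -le 15 ] ||
        { echo "smb.conf: workgroup '$workgroup' is longer than 15 characters"; n=$((n + 1)); }
    return "$n"
}

# Constructed sample files with the kind of mismatch a hand-edited config can carry.
tmp=$(mktemp -d)
printf '[global]\nworkgroup = LOCALLOCALDOMAIN\nrealm = localdomain.local\n' > "$tmp/smb.conf"
printf '[libdefaults]\ndefault_realm = localdomain.local\n[realms]\nSL.DX = {\n}\n' > "$tmp/krb5.conf"
check_join_config "$tmp/smb.conf" "$tmp/krb5.conf" || echo "problems found: $?"
rm -rf "$tmp"
```

On a joined host, call `check_join_config /etc/samba/smb.conf /etc/krb5.conf` before restarting winbind and samba.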
This article is reposted from bannerpei's 51CTO blog; original link: http://blog.51cto.com/281816327/1607680. To repost it, please contact the original author.